
Enable port locking by default on the VM guest network

Details

Port locking prevents ARP and IP spoofing by unknown or untrusted VM guests by limiting their ability to claim a MAC or IP address that was not assigned to them. This setting is the default for the network. If it is set to locked, each VM must be configured with a list of valid IPv4 and IPv6 addresses. A VM that tries to use an address that is not on its allowed list cannot send or receive network traffic.

Solution

Set the default locking mode for the VM guest network by running the following command:

xe network-param-set uuid=<network-uuid> default-locking-mode=locked

NOTE: Any VM on this network must have an allowed list of IPv4 and IPv6 addresses or it will not be able to send or receive network traffic. See the XenServer 6.2 Administrator’s Guide for more information.
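The following pre-change audit is an added example, not part of the original article or of Citrix tooling. It lists the VIFs on a network that have no allowed IPv4 or IPv6 addresses and would therefore be cut off under a locked default. The function names are hypothetical and the sample listing is constructed to resemble `xe vif-list` output.

```shell
#!/bin/sh
# Added example, not from the article. A VIF is at risk when it inherits the
# network default (network_default) or is already locked, and has no allowed
# IPv4/IPv6 addresses. Output: "<vif-uuid> <locking-mode>" per at-risk VIF.
at_risk_vifs() {
    awk '
    function emit() {
        if (uuid != "" && mode ~ /^(network_default|locked)$/ && (v4 v6) == "")
            print uuid, mode
        uuid = mode = v4 = v6 = ""
    }
    {
        sep = index($0, ":")            # first colon ends "name ( RW)"
        if (sep == 0) { emit(); next }  # blank line closes a record
        key = substr($0, 1, sep - 1); val = substr($0, sep + 1)
        sub(/\(.*/, "", key); gsub(/[ \t]/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)   # value may contain colons (IPv6)
        if (key == "uuid") { emit(); uuid = val }
        else if (key == "locking-mode") mode = val
        else if (key == "ipv4-allowed") v4 = val
        else if (key == "ipv6-allowed") v6 = val
    }
    END { emit() }'
}

# On the hypervisor host: audit_network <network-uuid>
audit_network() {
    xe vif-list network-uuid="$1" \
        params=uuid,locking-mode,ipv4-allowed,ipv6-allowed | at_risk_vifs
}
# Constructed sample listing; UUIDs and addresses are made up.
sample_vif_list() {
    cat <<'EOF'
uuid ( RO)            : 11111111-1111-1111-1111-111111111111
    locking-mode ( RW): network_default
    ipv4-allowed (SRW):
    ipv6-allowed (SRW):

uuid ( RO)            : 22222222-2222-2222-2222-222222222222
    locking-mode ( RW): network_default
    ipv4-allowed (SRW): 192.0.2.10
    ipv6-allowed (SRW): 2001:db8::10

uuid ( RO)            : 33333333-3333-3333-3333-333333333333
    locking-mode ( RW): unlocked
    ipv4-allowed (SRW):
    ipv6-allowed (SRW):
EOF
}
sample_vif_list | at_risk_vifs
```

Each VIF it reports needs its `ipv4-allowed` and `ipv6-allowed` lists populated before the network default is changed.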

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Unix.


Updated on July 16, 2022